Localhost no joy: Examples of trusting self-signed cert or verify=false or allow_redirect_on_scheme_change

[thelazydogsback]

Things are working fine when accessing my deployed endpoints, but trying to debug to localhost...

If I use https://localhost/8001 I get:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1000)
and for http://localhost/8000 I get:
Redirects with changing schemes not allowed by default.

Sorry if I'm missing something form the docs, but are there examples of either setting up the middleware to either recognize a self-signed cert, or not verify it, or to change allow_redirect_on_scheme_change = True in the middleware?

Currently my code looks like:

        auth_provider = AzureIdentityAuthenticationProvider(...)
        request_adapter = HttpxRequestAdapter(
            authentication_provider = auth_provider,
            base_url = self.base_url)
        client = MyClientKiota(request_adapter)

[baywet]

Hi @thelazydogsback
Thank you for using kiota and for reaching out.

If I'm understanding correctly, you were able to generate the API client, but you are not able to test it when targeting an API locally running?

Is the problem only happening for redirects (301/302) no being followed? Or are you not able to make any request at all and simply tried to find a setting in the code base?

[thelazydogsback]

Thanks again for the reply, @baywet .
Correct - I can generate the API and call (some) endpoints successfully using HTTPS & ingress endpoints in the cloud, but I'm not able to do so locally. I was looking for example code in the middleware to either/both use a crt/pem file to allow the SSC for HTTPS (or just disable verification during debugging), or to set the allow_redirect_on_scheme_change to True when using HTTP -- given the error messages generated, it seems like either one would unblock me.

[baywet]

Thank you for the additional information.
As you can see, the request adapter accepts an httpx client as a parameter and creates one when none is passed.
From httpx documentation it seems that passing False to verify disables SSL validation.
Given that information, you should be able to conditionally disable it whenever the URL is localhost, or when in running in "debug mode".
Let us know if you have any additional comments or questions.

[thelazydogsback]

Yes, I saw that but the docs weren't clear on whether I am supposed to create the client explicitly, or use a factory/middleware to somehow do so.

If I change the code to look like below, then it returns right away with None, and doesn't appear to send the request at all. (Same whether verify is True or False.)

        http_client = httpx.AsyncClient(verify=False)
        auth_provider = AzureIdentityAuthenticationProvider(...) 
        request_adapter = HttpxRequestAdapter(
            http_client = http_client,
            authentication_provider = auth_provider,
            base_url = self.base_url)
        client = MyClientKiota(request_adapter)

[baywet]

Are you able to make an arbitrary request (not using the kiota client, just using the httpx client) with this configuration to the localhost API?

[thelazydogsback]

Using the "IT crowd" method, I turned everything off and then on again, and now the last code above seems to be working :)
Thanks